Should DA forums be member only reading?

Should DA Forums be "licensed users only"

  • Yes, close off sensitive areas to "members only" (Votes: 16, 45.7%)
  • No, everything should be public (Votes: 19, 54.3%)
  • I don't really care (Votes: 0, 0.0%)

  Total voters: 35
If a forum for only security reports is set up, you can subscribe to that forum and receive reports of new threads and replies.
I thought about your idea of subscribing to the security forum, but if I did that I would receive an email for each new post in those forums, right? That could easily result in several emails a day, instead of just one or two every other week in case of a mailing list only informing me of security issues I really should know about.

Receiving several email notifications a day and finding out that many of them contain information that I did not have to read could soon undermine the usefulness of that solution I think and could even result in admins not returning after a while.
 
Not the mailing list itself, but information would then be scattered among the mailing list and the forums.
 
The subscribe to forum feature should be customizable to also send a summary at the end of the day, at least in the newer versions of vB, I've only tried it on WHT.
 
jmstacey said:
Not the mailing list itself, but information would then be scattered among the mailing list and the forums.

Well, that's why I made the suggestion to include a link in the email to the thread on this forum that discusses the issue, the email itself could be brief. Similar to how DA uses links to this forum when they report bugfixes in the version history of DA. The email would have the function of a "heads-up". Details could be found here.
 
A mailing list would be easy enough to implement. It would have to be moderated, or else as one poster noted, lots of posts that weren't important would be competing for our attention. Who's going to moderate it?

And who's to make sure no one would post sensitive information in the forum anyway?

The biggest problem I see with having separate sections of the forum is that anyone could still post to the open section.

The biggest problem I see with having a complete closed forum is that it wouldn't be googlable (is that a word :) ?).

A mailing list is easy to implement. A forum is easy to secure for members only, or (with Mark's help even for paid owners only).

But come up with answers to my problems first.

Here's a way to solve the problem:
A few weeks ago the Tektonic forums became so full of negative information about Tektonic the company that they just shut deleted the whole forum.

:)

Jeff
 
jlasman said:
A mailing list would be easy enough to implement. It would have to be moderated, or else as one poster noted, lots of posts that weren't important would be competing for our attention.

Well, actually I wouldn't allow anyone to send mail to the list except you and the guys from DA.

I would think that if you read a security related post on this forum that you think all admins should know about, you would simply write an email to the list with a link to the thread on this forum. Discussions would be continued here, not on the list!
 
Which brings me back to my suggestion of subscribing to the forum. If you limit the ability to create new threads to only a few select members (moderators), even if you do choose to get an email for every new thread, you would be receiving the same amount of emails as the mailing list.
 
The biggest problem I see with having separate sections of the forum is that anyone could still post to the open section.
True, but it would be contained to a single or handful of forums. If you really didn't want to delete the threads that were irrelevant another forum could be set up as sort of a trash bin where threads could be moved to.

The biggest problem I see with having a complete closed forum is that it wouldn't be googlable (is that a word ?).
My original suggestion of leaving all forums publicly readable and only verified members allowed to post would fix this.

You shouldn't be posting sensitive information regardless of whether the forum is "secured" or not.
 
jmstacey said:
Which brings me back to my suggestion of subscribing to the forum. If you limit the ability to create new threads to only a few select members (moderators), even if you do choose to get an email for every new thread, you would be receiving the same amount of emails as the mailing list.

Ahh, you mean a security related forum that users of this forum could only read but cannot post to, only DA and moderators could? Hm, that could also be a solution I think...

Ok, in that case I have one more suggestion:

Add a link to this forum to the Admin section of the DA user-interface (that should not take more than 60 seconds to implement I think :) )
I'm sure there are a lot of DA admins out there that don't know about this forum. At least that way we can let them know about it.
 
I still don't see any problem being solved. If there were a separate closed forum where we'd announce security issues how would that stop anyone else from writing them up in other forum sections? It wouldn't.

Unless we closed the whole forum to all writing. And then all new posts would have to be moderated. No thanks.

What Jon is suggesting isn't viable; by the time I get to the posts they're sometimes days old, so moving them to private forum pages is a bit late.

And by then google may have even cached them.

Jeff
 
If I leased a dedicated server, and pay monthly for my DA Control Panel along with my monthly server cost, would I be considered a member and have access to the member only version? Want to make sure before I vote.
 
I would say yes, but I don't have any say. That brings up another issue of what to do with short term (month-to-month) licensees after their license expires...

The more I think about it the idea that is looking most promising would be to leave it the way it is. Only require registration to post (not license checked or limited, just email verification), and either hire or add more volunteer moderators.

Besides DA staff and jlasman, I don't think I've seen ProWebUK around in a long time...
 
jlasman said:
If there were a separate closed forum where we'd announce security issues how would that stop anyone else from writing them up in other forum sections? It wouldn't.

Unless we closed the whole forum to all writing. And then all new posts would have to be moderated. No thanks.

What Jon is suggesting isn't viable; by the time I get to the posts they're sometimes days old, so moving them to private forum pages is a bit late.

Ok, let's go back for a moment to the idea that started this thread:

What would be the reason for wanting to close (part of) the forum?

I think the reason for this idea is based on the fear that hackers may learn of an exploit while there are still Admins out there that haven't patched their servers yet, or worse, don't even know about the problem!

BUT, I think it is unrealistic to assume that there is a way to prevent information from getting in the hands of hackers. I don't think that closing (part of) the forum is a solution to that problem.
As far as I can see, the best solution is to take the advantage of learning about an exploit early, away from the hackers by having a mechanism that will let all Admins know about the issue as soon as it is discovered, so they can plug the hole before hackers can exploit it.

This requires a way of communication that is:
1) Fast
2) All Admins should know about it
3) All Admins should have access to it

A mailing list would satisfy all three requirements, especially if subscribing to the list is done through a link in the admin section of the DA user-interface.
 
jmstacey said:
either hire or add more volunteer moderators.
The more moderators the harder it is to come to consensus, not easier.

Many times I've contacted either John or Mark to ask them how I should respond to a specific article; it's not easy to moderate.

So before hiring anyone else, perhaps they'll consider giving me a raise :p
Besides DA staff and jlasman, I don't think I've seen ProWebUK around in a long time...
I was thinking that myself.

Jeff
 